Superfish 2.0: Second security flaw leaves Dell PC users vulnerable to hackers
Credit:
DELL isn't having a good week. A second root certificate has been found on its PCs and laptops, that could leave users' personal information vulnerable to hackers.
The second certificate, called DSDTestProvider, is installed by an application called Dell System Detect (DSD), which users are prompted to download and install when they visit the Dell support website.
Carnegie Mellon University CERT said in an advisory that the flaw allows hackers to create trusted certificates and impersonate sites and launch man-in-the-middle attacks. "An attacker can generate certificates signed by the DSDTestProvider CA. Systems that trusts the DSDTestProvider CA will trust any certificate issued by the CA," it said.